Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:13614125623111120235481HistoryAug 21, 2023 - 12:00 a.m.
Debian: Security Advisory (DSA-5481-1)
2023-08-2100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
4
debian 11
debian 12
fastdds
security advisory
c++ implementation
dds
denial of service
arbitrary code
update
installation
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.5%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.1.1.2023.5481");
script_cve_id("CVE-2023-39534", "CVE-2023-39945", "CVE-2023-39946", "CVE-2023-39947", "CVE-2023-39948", "CVE-2023-39949");
script_tag(name:"creation_date", value:"2023-08-21 09:28:09 +0000 (Mon, 21 Aug 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-21 18:17:36 +0000 (Mon, 21 Aug 2023)");
script_name("Debian: Security Advisory (DSA-5481-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(11|12)");
script_xref(name:"Advisory-ID", value:"DSA-5481-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2023/DSA-5481-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-5481");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/fastdds");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'fastdds' package(s) announced via the DSA-5481-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Multipe security issues were discovered in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), which might result in denial of service or potentially the execution of arbitrary code when processing malformed RTPS packets.
For the oldstable distribution (bullseye), these problems have been fixed in version 2.1.0+ds-9+deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 2.9.1+ds-1+deb12u1.
We recommend that you upgrade your fastdds packages.
For the detailed security status of fastdds please refer to its security tracker page at: [link moved to references]");
script_tag(name:"affected", value:"'fastdds' package(s) on Debian 11, Debian 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB11") {
if(!isnull(res = isdpkgvuln(pkg:"fastdds-tools", ver:"2.1.0+ds-9+deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libfastrtps-dev", ver:"2.1.0+ds-9+deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libfastrtps-doc", ver:"2.1.0+ds-9+deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libfastrtps2", ver:"2.1.0+ds-9+deb11u1", rls:"DEB11"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB12") {
if(!isnull(res = isdpkgvuln(pkg:"fastdds-tools", ver:"2.9.1+ds-1+deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libfastrtps-dev", ver:"2.9.1+ds-1+deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libfastrtps-doc", ver:"2.9.1+ds-1+deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libfastrtps2.9", ver:"2.9.1+ds-1+deb12u1", rls:"DEB12"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
osv
osv
fastdds - security update
2023-08-20 00:00:00
fastdds vulnerabilities
2023-08-24 17:34:36
CVE-2023-39534
2023-08-11 14:15:13
debian
debian
[SECURITY] [DSA 5481-1] fastdds security update
2023-08-20 17:44:52
nessus
nessus
Debian DSA-5481-1 : fastdds - security update
2023-08-22 00:00:00
Ubuntu 22.04 ESM / 23.04 : Fast DDS vulnerabilities (USN-6306-1)
2023-08-24 00:00:00
ubuntu
ubuntu
Fast DDS vulnerabilities
2023-08-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6306-1)
2023-08-25 00:00:00
cve
cve
ubuntucve
ubuntucve
cvelist
cvelist
nvd
nvd
debiancve
debiancve
prion
prion
Design/Logic Flaw
2023-08-11 14:15:00
Information disclosure
2023-08-11 14:15:00
Information disclosure
2023-08-11 14:15:00
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.5%
Related for OPENVAS:13614125623111120235481